Saturday, June 19, 2010

3 Speedy + Load Balancer + Mikrotik + IPCOP


The result of a job at the internet café and online game center "Satelit Internet", Jl. Hayam Wuruk No. 51, Probolinggo.
Load balancing 3 Speedy lines using a TP-Link TL-R480T+ load balancer, plus Mikrotik's bandwidth management and, just for fun, trying out IPCOP as the Squid proxy.

IPCOP, Mikrotik, Billing
This write-up only covers the Mikrotik side (using Mikrotik v2.9.27). It also serves as an archive for myself.
1. Network topology


IP addresses
Load balancer = 192.168.8.10
Mikrotik with 3 LAN cards:
—> Eth1 = 192.168.8.1 (to the load balancer)
—> Eth2 = 192.168.15.1 (to IPCOP)
—> Eth3 = 192.168.1.1 (to the switch/hub)
IPCOP = 192.168.15.10
The modems are set to bridge mode, so the PPPoE dialing is done by the load balancer.
2. Mikrotik settings
—> Ethernet Card
name="Speedy" mtu=1500 mac-address=4C:00:10:1B:4E:6F arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps
name="Lokal" mtu=1500 mac-address=00:02:2A:BF:E2:08 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps
name="Squid" mtu=1500 mac-address=00:0E:2E:01:62:24 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps
—> IP address
[admin@satelit-internet] > /ip address
add address=192.168.8.1/24 interface=Speedy
add address=192.168.1.1/24 interface=Lokal
add address=192.168.15.1/24 interface=Squid
—> DNS
[admin@satelit-internet] > /ip dns
set primary-dns=192.168.8.10 allow-remote-requests=yes
—> Route
[admin@satelit-internet] > /ip route
add gateway=192.168.8.10
—> NAT
[admin@satelit-internet] > /ip firewall nat
# redirect HTTP from the client LAN to Squid on IPCOP (192.168.15.10, port 818)
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.15.10 to-ports=818
add chain=srcnat out-interface=Speedy action=masquerade
The purpose is to redirect all port 80 traffic from the clients to port 818 (Squid on IPCOP), which acts as the web proxy.
—> Mangle
The purpose is to separate international and local bandwidth (OpenIXP and IIX).
The list of IP addresses advertised at OpenIXP and IIX can be downloaded from http://www.mikrotik.co.id/getfile.php?nf=nice.rsc
The nice.rsc file is generated automatically on the Mikrotik Indonesia server every morning at around 05:30, and contains data that has been optimized to remove duplicate entries and overlapping subnets.
A tutorial on auto-importing the script into Mikrotik can be found here
[admin@satelit-internet] > /ip firewall mangle
add chain=forward dst-address=192.168.1.0/24 action=change-ttl new-ttl=set:1 comment="change TTL"
add chain=forward out-interface=Speedy protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 comment="change mss"
add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_conn passthrough=yes comment="squid proxy"
add chain=forward connection-mark=squid_conn action=mark-packet new-packet-mark=squid_packet passthrough=no
# Prioritize ping and DNS
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp passthrough=yes comment="icmp"
add chain=prerouting connection-mark=icmp action=change-tos new-tos=min-delay
add chain=prerouting connection-mark=icmp action=mark-packet new-packet-mark=icmp passthrough=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS passthrough=yes comment="DNS"
add chain=prerouting connection-mark=DNS action=change-tos new-tos=max-throughput
add chain=prerouting protocol=udp dst-port=53 connection-mark=DNS action=mark-packet new-packet-mark=DNS passthrough=no
add chain=forward protocol=tcp dst-port=6000-7000 action=mark-connection new-connection-mark=IRC passthrough=yes comment="irc"
add chain=prerouting src-address=192.168.1.0/24 protocol=tcp dst-port=6000-7000 action=mark-packet new-packet-mark=irc passthrough=no
add chain=forward connection-mark=IRC action=mark-packet new-packet-mark=irc passthrough=no
# Upload connections
add chain=prerouting src-address=192.168.1.0/24 dst-address-list=!nice action=mark-packet new-packet-mark=upload comment="upload" passthrough=no
# Download connections, international bandwidth only (OpenIXP)
add chain=forward dst-address=!192.168.1.0/24 connection-mark=!squid_conn dst-address-list=!nice action=mark-connection new-connection-mark=download passthrough=yes comment="download"
add chain=forward connection-mark=download action=mark-packet new-packet-mark=download passthrough=no
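As an added illustration (not part of the original post), this Python sketch walks a packet through the prerouting mangle rules above to show how rule order and passthrough decide which packet mark, and therefore which queue, a packet ends up with. The `nice` entry and the sample addresses are constructed placeholders, and the change-tos rules are left out because they set no mark.

```python
import ipaddress

# Constructed stand-in for the "nice" address list (real entries come from nice.rsc).
NICE = [ipaddress.ip_network("203.0.113.0/24")]
LAN = ipaddress.ip_network("192.168.1.0/24")

def in_nice(ip):
    return any(ipaddress.ip_address(ip) in net for net in NICE)

def from_lan(pkt):
    return ipaddress.ip_address(pkt["src"]) in LAN

# Prerouting rules from the post, in order:
# (match(packet, connection_mark), action, new mark, passthrough)
RULES = [
    (lambda p, c: p["proto"] == "icmp", "conn", "icmp", True),
    (lambda p, c: c == "icmp", "pkt", "icmp", False),
    (lambda p, c: p["proto"] == "udp" and p.get("dport") == 53, "conn", "DNS", True),
    (lambda p, c: p["proto"] == "udp" and p.get("dport") == 53 and c == "DNS",
     "pkt", "DNS", False),
    (lambda p, c: from_lan(p) and p["proto"] == "tcp"
     and 6000 <= p.get("dport", 0) <= 7000, "pkt", "irc", False),
    # dst-address-list=!nice: only traffic leaving for non-local networks is "upload"
    (lambda p, c: from_lan(p) and not in_nice(p["dst"]), "pkt", "upload", False),
]

def classify(pkt):
    """Walk the chain top to bottom; return (connection_mark, packet_mark)."""
    conn = pkt_mark = None
    for match, action, mark, passthrough in RULES:
        if not match(pkt, conn):
            continue
        if action == "conn":
            conn = mark
        else:
            pkt_mark = mark
        if not passthrough:
            break  # passthrough=no: later rules in this chain are skipped
    return conn, pkt_mark
```

Because the DNS and irc rules end with passthrough=no, a client's DNS query or IRC connection never reaches the upload rule, and traffic to an address in the `nice` list leaves the chain unmarked.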
—> Queue type
[admin@satelit-internet] > /queue type
add name="pfifo-64" kind=pfifo pfifo-limit=64
add name="pcq-down" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name="pcq-up" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
—> Queue Tree
[admin@satelit-internet] > /queue tree
add name="download" parent=Lokal packet-mark=download limit-at=0 queue=pcq-down priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
—> Queue simple
[admin@satelit-internet] > /queue simple
add name="squid" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_packet direction=both priority=8 queue=default-small/ethernet-default limit-at=0/0 max-limit=0/0 total-queue=default-small
add name="irc" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=irc direction=both priority=8 queue=default-small/default-small limit-at=16000/16000 max-limit=16000/16000 total-queue=default-small
add name="DNS" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=DNS direction=both priority=8 queue=pfifo-64/pfifo-64 limit-at=8000/8000 max-limit=8000/8000 total-queue=default-small
add name="icmp" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp direction=both priority=8 queue=pfifo-64/pfifo-64 limit-at=8000/8000 max-limit=8000/8000 total-queue=default-small
add name="parent" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=download,upload direction=both priority=8 queue=default-small/pcq-down limit-at=0/0 max-limit=0/0 total-queue=default-small
add name="Satelit-01" target-addresses=192.168.1.100/32 dst-address=0.0.0.0/0 interface=all parent=parent packet-marks=download,upload direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small
.
.
.
and so on, up to 15 clients
Finally done. Quite something, a whole day without sleep staring at the Mikrotik.


Ref : http://dotec.wordpress.com/2008/11/25/load-balancing-3-speedy/
